This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/iCDLvxYdAykrIxvCC48ohuJmwcs.roa
File:                     iCDLvxYdAykrIxvCC48ohuJmwcs.roa (raw, json)
Hash identifier:          Ume17i9/BCAtK0RFxYp+aFptPOFLeGk5A4An1t7V2u4=
Subject key identifier:   88:20:CB:BF:16:1D:03:29:2B:23:1B:C2:0B:8F:28:86:E2:66:C1:CB
Certificate issuer:       /CN=3aba1172472ea80265d12982967de0a8b0bc5901
Certificate serial:       019B7A5B78CA183E28F6DF88A7F8037B76A7
Authority key identifier: 3A:BA:11:72:47:2E:A8:02:65:D1:29:82:96:7D:E0:A8:B0:BC:59:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OroRckcuqAJl0SmCln3gqLC8WQE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/iCDLvxYdAykrIxvCC48ohuJmwcs.roa
Signing time:             Thu 01 Jan 2026 16:19:33 +0000
ROA not before:           Thu 01 Jan 2026 16:19:33 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     61138
IP address blocks:        193.57.165.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/OroRckcuqAJl0SmCln3gqLC8WQE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/OroRckcuqAJl0SmCln3gqLC8WQE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OroRckcuqAJl0SmCln3gqLC8WQE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5b:78:ca:18:3e:28:f6:df:88:a7:f8:03:7b:76:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3aba1172472ea80265d12982967de0a8b0bc5901
        Validity
            Not Before: Jan  1 16:19:33 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8820cbbf161d03292b231bc20b8f2886e266c1cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:2a:ec:e6:1a:f4:3e:48:fc:f6:67:9d:0e:5e:
                    8c:0a:0e:88:6a:eb:76:07:dc:a2:70:e0:74:76:b3:
                    98:11:2c:0f:fd:2e:52:f0:20:13:f0:65:18:9f:a7:
                    c2:3e:43:1c:c8:48:49:8c:82:c5:62:91:4f:e6:fd:
                    35:3b:b1:63:ef:51:ee:16:c1:78:cd:25:97:d9:38:
                    b1:53:6b:63:bf:08:0d:1c:d3:4f:29:83:b2:f3:38:
                    26:e2:3c:30:75:22:1c:26:fd:44:17:8d:c1:3e:75:
                    7c:02:ec:69:5b:7e:99:ed:e0:2b:2e:be:66:dd:18:
                    0c:3e:97:ed:a9:38:96:6a:29:d5:da:16:aa:44:6b:
                    48:05:ca:1d:5f:fb:3c:86:66:6c:37:a5:e8:48:5e:
                    bb:a2:05:23:a4:23:47:54:ad:f1:06:18:46:4f:6e:
                    8c:e5:37:c8:bd:f5:ed:b5:68:37:3f:68:54:40:79:
                    73:6d:b6:22:4d:f3:89:f9:d7:f2:5b:d5:3e:48:d8:
                    46:59:ff:bb:60:09:08:d7:0a:3d:44:d0:71:8d:30:
                    60:c4:4d:d4:64:46:8d:46:86:6d:8a:10:68:8b:45:
                    e2:75:bb:8a:f3:0c:77:a8:f2:34:8e:f1:36:fd:dd:
                    94:10:e7:e3:25:86:d2:2c:47:46:6a:01:fd:2b:d7:
                    86:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:20:CB:BF:16:1D:03:29:2B:23:1B:C2:0B:8F:28:86:E2:66:C1:CB
            X509v3 Authority Key Identifier:
                keyid:3A:BA:11:72:47:2E:A8:02:65:D1:29:82:96:7D:E0:A8:B0:BC:59:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OroRckcuqAJl0SmCln3gqLC8WQE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/iCDLvxYdAykrIxvCC48ohuJmwcs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/OroRckcuqAJl0SmCln3gqLC8WQE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.57.165.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:d6:1b:aa:16:ce:87:38:85:fc:e1:18:2a:67:32:e4:ec:07:
         7d:80:da:b7:62:08:0d:d2:79:70:fc:79:69:84:b8:02:1f:bd:
         27:08:0f:72:0e:28:58:7f:4f:f1:11:d6:9e:b4:2d:94:22:ce:
         fe:66:e8:73:fc:5c:df:6f:c6:a6:0f:f4:d8:52:61:a2:8a:f3:
         69:57:d0:67:28:3b:dc:7e:9c:2c:87:19:38:bf:92:5f:1f:27:
         2c:84:bf:2c:dc:ea:64:55:7b:64:14:67:1f:f5:4b:18:42:58:
         13:43:d0:6f:fa:fa:91:c0:22:45:cc:a9:1d:e9:cc:1d:7d:32:
         5d:96:80:80:06:12:d0:cc:95:bb:5b:c4:ec:ee:80:70:f3:f6:
         0e:da:05:7a:fe:61:40:f1:7d:62:6c:86:3e:5f:3b:20:d3:98:
         66:a4:59:d2:c9:0b:34:76:f5:cd:31:bd:69:51:36:29:0d:b4:
         b5:9a:70:d0:cd:85:d8:09:1f:d8:71:24:81:32:72:4d:04:a3:
         ec:07:20:a5:f6:d4:1f:7c:3e:9a:76:8d:05:01:ec:6b:92:a4:
         8d:59:41:03:8e:dc:3f:aa:76:41:54:4f:09:f8:75:78:e4:10:
         29:a5:e2:41:c1:b9:d1:1e:97:4b:8d:3f:22:aa:97:c2:9f:20:
         99:ba:ae:d2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6W3jKGD4o9t+Ip/gDe3anMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhYmExMTcyNDcyZWE4MDI2NWQxMjk4Mjk2N2RlMGE4YjBi
YzU5MDEwHhcNMjYwMTAxMTYxOTMzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODIwY2JiZjE2MWQwMzI5MmIyMzFiYzIwYjhmMjg4NmUyNjZjMWNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvyrs5hr0Pkj89medDl6MCg6Iaut2
B9yicOB0drOYESwP/S5S8CAT8GUYn6fCPkMcyEhJjILFYpFP5v01O7Fj71HuFsF4
zSWX2TixU2tjvwgNHNNPKYOy8zgm4jwwdSIcJv1EF43BPnV8AuxpW36Z7eArLr5m
3RgMPpftqTiWainV2haqRGtIBcodX/s8hmZsN6XoSF67ogUjpCNHVK3xBhhGT26M
5TfIvfXttWg3P2hUQHlzbbYiTfOJ+dfyW9U+SNhGWf+7YAkI1wo9RNBxjTBgxE3U
ZEaNRoZtihBoi0XidbuK8wx3qPI0jvE2/d2UEOfjJYbSLEdGagH9K9eGdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIggy78WHQMpKyMbwguPKIbiZsHLMB8GA1UdIwQY
MBaAFDq6EXJHLqgCZdEpgpZ94KiwvFkBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3JvUmNrY3VxQUpsMFNtQ2xuM2dxTEM4V1FFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My83YjFjNTUtZGRkMC00MjgxLTgzNzgt
NGRkMDQzNDZhYmMzLzEvaUNETHZ4WWRBeWtySXh2Q0M0OG9odUptd2NzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My83YjFjNTUtZGRkMC00MjgxLTgzNzgtNGRkMDQzNDZhYmMz
LzEvT3JvUmNrY3VxQUpsMFNtQ2xuM2dxTEM4V1FFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwTmlMA0G
CSqGSIb3DQEBCwUAA4IBAQBh1huqFs6HOIX84RgqZzLk7Ad9gNq3YggN0nlw/Hlp
hLgCH70nCA9yDihYf0/xEdaetC2UIs7+Zuhz/Fzfb8amD/TYUmGiivNpV9BnKDvc
fpwshxk4v5JfHycshL8s3OpkVXtkFGcf9UsYQlgTQ9Bv+vqRwCJFzKkd6cwdfTJd
loCABhLQzJW7W8Ts7oBw8/YO2gV6/mFA8X1ibIY+Xzsg05hmpFnSyQs0dvXNMb1p
UTYpDbS1mnDQzYXYCR/YcSSBMnJNBKPsByCl9tQffD6ado0FAexrkqSNWUEDjtw/
qnZBVE8J+HV45BAppeJBwbnRHpdLjT8iqpfCnyCZuq7S
-----END CERTIFICATE-----